ALERT! Change your password!

Announcements regarding Net-Chess.
gmiller
Site Admin

Post by gmiller » Thu Aug 26, 2004 8:45 pm

CHANGE YOUR PASSWORD FIRST, THEN READ THIS MESSAGE

Someone managed to get my password and log on as me to the Net-Chess site on Jul 13th. This normally wouldn't be a problem as all of the administration functions are still hidden, and most can't be used through a web browser anyway. Unfortunately, the forum has a "backup" feature which allows an admin to download the entire database. He found this feature on Jul 14 and downloaded the forum database.

Users' passwords are not in that database, but it does contain a "hash" of your password. This hash can't be worked backwards to recover the password, but someone can continuously encode words to see if it produces a hash that matches one in the database.

Basically, what that means is if you use a guessable password (such as any word which would appear anywhere on the Internet), then your password is probably compromised.

I know he got quite a few of them. He proceeded to log in as some (all?) of the users he was able to crack. This may have been just to verify the crack worked, but was probably more likely used to "screen scrape" the email addresses off of the home page. He also loaded the "My Profile" page for most of the users he logged in as, which would allow him to connect any information you had in your profile with your email address.

The number of accounts he actually logged in as is somewhere around 500 (out of 30,000 total users). But that doesn't mean he wasn't able to crack more of them and just chose not to log in with some. He may also still come back and try to log in as more users in the future. So the best protection you have is to change your password now.

The only (other) destructive thing he did was to post a message in the forum under someone's ID. I'm guessing he was more after email addresses than anything else.
